Data Protection

The practice is committed to the security of patient and staff records. Regular checks will be undertaken to assess workspaces for potential breaches and loss of data.

The practice will take steps to ensure that individual patient information is not deliberately or accidentally released or (by default) made available or accessible to a third party without the patient’s consent, unless otherwise legally compliant. This will include training on confidentiality issues, Data Protection Act principles, working security procedures, and the application of best practice in the workplace.

When considering new practice and methods, a Data Protection Impact Assessment (DPIA) will be completed by the practice to look at information usage, storage and the legal basis.

The practice will maintain a record of data breaches and near misses. Based on the investigations, improvements to systems will be implemented and staff involved will be offered support and further training to prevent a repeat. The log will be reviewed annually and fed back to all members of staff.

The practice will exercise prudence in the use and testing of arrangements for the backup and recovery of data in the event of an adverse event.

The practice will maintain a system of Significant Event Reporting through a no-blame culture to capture and address incidents which threaten compliance.